1. Forms
2. CR
3. CR-04-13

What the Form Is

The CR 04 13 Destruction Of Electronic Data Or Computer Programs endorsement is an optional addition to Insurance Services Office (ISO) Commercial Crime or Government Crime coverage forms or policies. Its primary purpose is to provide coverage for the costs associated with the replacement or restoration of electronic data and computer programs that have been damaged or destroyed due to specific perils: a computer virus, vandalism by an employee, or vandalism by an unauthorized natural person who gains access to the insured's computer system. The endorsement also extends to cover reasonable expenses incurred by the insured to restore their computer system to the operational level it was at immediately before the loss occurred.

Classes of Business It Applies To

This endorsement is relevant for a wide range of commercial enterprises and government entities that rely on computer systems and electronic data for their operations and have purchased an underlying crime policy. Examples include:

• Retail businesses that maintain customer databases, inventory systems, and point-of-sale software.
• Service industries that store client records, project data, and proprietary software.
• Manufacturing companies with computer-controlled machinery, design data, and production schedules.
• Healthcare providers (where not superseded by more specific cyber/tech E&O policies) managing patient records and administrative systems.
• Educational institutions with student records, research data, and administrative software.
• Government entities at various levels that handle sensitive public records, financial systems, and operational software.

Real-world example: A small accounting firm's server is infected by a ransomware virus that encrypts all client tax data and damages the accounting software. This endorsement could cover the costs to restore the data from backups (if available and restoration is needed) and reinstall/repair the damaged accounting software, as well as the labor costs to bring the system back to its pre-virus state.

Special Considerations

• Covered Perils: Coverage is specifically limited to damage or destruction caused by: 1. A virus designed to damage or destroy; 2. Vandalism by an employee; or 3. Vandalism by an unauthorized natural person accessing the system. Losses from other causes like hardware failure, power surges (unless leading to a covered peril), or accidental deletion by an authorized user without malicious intent are typically not covered by this endorsement.
• Scope of Restoration: The endorsement covers costs to restore or replace data/programs and restore the system to its pre-loss operational level. It does not cover the cost of system upgrades or improvements beyond what is necessary for restoration.
• Policy Integration: The CR 04 13 is an endorsement and is subject to all terms, conditions, definitions (unless modified by the endorsement), and exclusions of the underlying crime policy to which it is attached.
• Limit and Deductible: A specific limit of insurance and deductible apply to this coverage, which must be declared in the policy.
• Definition of "Occurrence": The endorsement modifies the definition of "occurrence" in the base policy for losses covered under this endorsement, particularly concerning how a virus-related incident is considered. All costs incurred from the discovery of damage by a virus until the system is restored to its prior condition are considered a single occurrence. If the virus reoccurs, it's a new occurrence.
• Owned, Leased, or Operated Systems: Coverage applies to data and programs stored within computer systems that the named insured owns, leases, or operates.

Real-world example: A disgruntled former employee, before their access was revoked, intentionally introduced a script that corrupted a critical database. The CR 04 13 could cover the costs to repair or rebuild this database. However, if the company decided to use this opportunity to migrate to a brand new, more advanced database system, the endorsement would only cover the estimated cost to restore the old system, not the full cost of the new system.

Key Information for Agents and Underwriters

• Risk Assessment: Underwriters should evaluate the insured's reliance on electronic data, the sensitivity of the data, existing IT security measures (firewalls, anti-virus software, intrusion detection), employee access controls, and data backup procedures (frequency, off-site storage, restoration testing).
• Pricing: The premium for this endorsement will depend on the limit of insurance selected, the deductible, the nature of the insured's business, their IT infrastructure, and their risk profile.
• Coverage Gaps: Agents should explain that this endorsement is specific to certain crime-related data destruction perils. It is not a comprehensive cyber liability policy, which would typically cover a broader range of cyber risks like data breaches, liability claims, business interruption from cyber events, and regulatory fines.
• Clarity on Terms: Ensure the insured understands what constitutes "electronic data," "computer program," "virus," and "vandalism" within the context of the endorsement and the base policy.
• Documentation: In the event of a claim, detailed records of the damage, the cause of loss, and the costs incurred for restoration will be crucial.